#11037 closed (duplicate)
Support HTTPOnly cookie for HttpResponse.set_cookie
Reported by: | Henrik Vendelbo | Owned by: | nobody |
---|---|---|---|
Component: | HTTP handling | Version: | dev |
Severity: | Keywords: | ||
Cc: | Triage Stage: | Design decision needed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Most browsers have some support for HTTPOnly cookies. It provides some protection against XSS attacks.
http://www.owasp.org/index.php/HTTPOnly
I've added another optional parameter to the set_cookie method. I also figured that it should be possible to make the sessionid use the flag.
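An added example, not part of the ticket or its attached patch: a standard-library sketch of an optional `httponly` parameter on a cookie-setting helper, plus a check that flags `sessionid` cookies sent without the attribute. `build_set_cookie`, `parse_set_cookie`, `missing_httponly` and the sample values are hypothetical names constructed here, not Django's API.

```python
from http.cookies import SimpleCookie

SENSITIVE = ("sessionid",)  # assumption: cookie names that carry the session


def build_set_cookie(name, value, httponly=False, secure=False, path="/"):
    """Hypothetical helper: return one Set-Cookie header value."""
    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    morsel["path"] = path
    if httponly:
        morsel["httponly"] = True  # emitted as the bare "HttpOnly" attribute
    if secure:
        morsel["secure"] = True
    return morsel.OutputString()


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    first, *rest = header_value.split(";")
    name = first.split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in rest if p.strip()}
    return name, attrs


def missing_httponly(set_cookie_values, sensitive=SENSITIVE):
    """Return names of sensitive cookies sent without the HttpOnly attribute."""
    flagged = []
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        if name in sensitive and "httponly" not in attrs:
            flagged.append(name)
    return flagged


# Constructed sample header values, not taken from the ticket.
SAMPLE = [
    build_set_cookie("sessionid", "abc123"),                 # flag omitted
    build_set_cookie("sessionid", "abc123", httponly=True),  # flag set
    "csrftoken=xyz; Path=/",                                 # not in SENSITIVE
    "sessionid=def456; Path=/; httponly; Secure",            # attribute names are case-insensitive
]

if __name__ == "__main__":
    for header in SAMPLE:
        print(header, "->", missing_httponly([header]) or "ok")
```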
Attachments (1)
Change History (4)
comment:1 by , 16 years ago
Has patch: | unset |
---|---|
milestone: | 1.1 |
Triage Stage: | Unreviewed → Design decision needed |
comment:2 by , 16 years ago
Resolution: | → duplicate |
---|---|
Status: | new → closed |
Duplicate of #3304. Please search the existing ticket list before submitting new tickets.
by , 16 years ago
Attachment: | 11037.diff added |
---|
comment:3 by , 16 years ago
I did search for httponly and set_cookie, didn't find anything.
Anyway, I added a couple of doctests for HttpResponse that might be useful.
It's too late for new features in 1.1.